Comments for Bromiumhttps://blogs.bromium.com
Tue, 11 Apr 2017 15:46:56 +0000hourly1https://wordpress.org/?v=4.8Comment on Busting the Non-Persistent VDI Security Myth! by Cirrus Cloudhttps://blogs.bromium.com/busting-non-persistent-vdi-security-myth/#comment-833
Tue, 11 Apr 2017 15:46:56 +0000http://bromium.wpengine.com/?p=2830#comment-833Short, Sweet and to the Point. Well done Mr. Wiggenhorn.
]]>Comment on Malware’s Newest Disguise: The Humble Resume by Andrew Wolfehttps://blogs.bromium.com/malwares-newest-disguise-humble-resume/#comment-368
Tue, 14 Mar 2017 12:41:49 +0000http://bromium.wpengine.com/?p=2825#comment-368Only Windows have ransomware attacks. GET RID OF WINDOWS. While proofs of concepts have seemed possible for Mac and Linux, the attacks haven’t even been seen let alone succeeded.
]]>Comment on Should Your CEO Be Held Responsible for Your Corporate Security Strategy? by Industrial Networkinghttps://blogs.bromium.com/should-your-ceo-be-held-responsible-for-your-corporate-security-strategy/#comment-360
Tue, 03 Jan 2017 17:11:57 +0000http://blogs.bromium.com/?p=2654#comment-360I would say this as it is my job, however I believe that cyber security requires a job title, if not a department. Without cyber security you may as well have zero cyber presence. If someone wants to hack into your website, software etc, they will. It is sad as we used be to able to relax with security, but there are some people out these who go out of their way to ruin yours.
]]>Comment on Creating a Bromium Culture in IT Management Means Stress-Free Security by Adam LG Ringhttps://blogs.bromium.com/creating-a-bromium-culture/#comment-336
Tue, 08 Nov 2016 11:32:54 +0000http://blogs.bromium.com/?p=2103#comment-336Good article and good solution. Much needed. Good luck with it – @AdamLGRing (Director ACP)
]]>Comment on Advice Can Be Dangerous – Why Critical Thinking Matters by rockafellahttps://blogs.bromium.com/advice-can-be-dangerous-why-critical-thinking-matters/#comment-343
Tue, 25 Oct 2016 03:36:24 +0000http://blogs.bromium.com/?p=2258#comment-343Can you demonstrate this in action?
]]>Comment on Standardizing on Windows 10: Our Advice for Enhancing Security in Large Deployments by CS-Cart.comhttps://blogs.bromium.com/black_hat_2016_windows_10/#comment-323
Tue, 06 Sep 2016 08:52:58 +0000http://blogs.bromium.com/?p=1797#comment-323Thank you for your excellent article, it really helped me.
]]>Comment on Remote code execution on Android devices by Tom Sutcliffehttps://blogs.bromium.com/remote-code-execution-on-android-devices/#comment-576
Fri, 08 May 2015 08:44:21 +0000http://labs.bromium.com/?p=493#comment-576Android 4.4.3 introduced an additional protection to unconditionally prevent access to the getClass() method, so the simple exploit will no longer work. In theory you might still be able to exploit some other method which is unintentionally exposed, but it becomes much harder.

]]>Comment on Remote code execution on Android devices by Jonathan Bar Orhttps://blogs.bromium.com/remote-code-execution-on-android-devices/#comment-575
Thu, 07 May 2015 13:32:13 +0000http://labs.bromium.com/?p=493#comment-575Strange, I have Android 4.4.3 and tried to attack an app with minSDK = targetSDK = 10 which uses WebView’s addJavascriptInterface(), but still — not vulnerable. When running the SAME APP on Android 4.1 – it works.
]]>Comment on Remote code execution on Android devices by Jonathan Bar Orhttps://blogs.bromium.com/remote-code-execution-on-android-devices/#comment-574
Thu, 07 May 2015 13:00:17 +0000http://labs.bromium.com/?p=493#comment-574“Android 4.2 contained a fix for this vulnerability, but the fix was disabled in some situations for backwards compatibility.” –> what situations? I’ve built an app with targetSdk = minSdk = 10, but still it’s vulnerable only on Android < 4.2! When I run this app on my Android 4.4 it's not vulnerable!
]]>Comment on Remote code execution on Android devices by Thomas Coudrayhttps://blogs.bromium.com/remote-code-execution-on-android-devices/#comment-569
Thu, 14 Aug 2014 13:55:13 +0000http://labs.bromium.com/?p=493#comment-569Only the targetSdkVersion is important. Your app is not vulnerable to this attack.

PS: “Half are not vulnerable because their target SDK version is greater or equal to 17″
Just below the pie graph.